IRC log of crypto on 2012-06-11

Timestamps are in UTC.

18:53:18 [RRSAgent]

RRSAgent has joined #crypto

18:53:18 [RRSAgent]

logging to http://www.w3.org/2012/06/11-crypto-irc

18:54:04 [wtc]

wtc has joined #crypto

18:54:43 [virginie_galindo]

Chair: Virginie Galindo

18:55:00 [hhalpin]

Zakim, pick a scribe

18:55:00 [Zakim]

sorry, hhalpin, I don't know what conference this is

18:55:05 [hhalpin]

Zakim, this is Crypto

18:55:05 [Zakim]

sorry, hhalpin, I do not see a conference named 'Crypto' in progress or scheduled at this time

18:55:42 [JimD]

JimD has left #crypto

18:55:44 [vgb]

vgb has joined #crypto

18:56:32 [emily]

emily has joined #crypto

18:56:49 [hhalpin]

Zakim, this is SEC_WebCryp

18:56:49 [Zakim]

hhalpin, I see SEC_WebCryp()3:00PM in the schedule but not yet started. Perhaps you mean "this will be SEC_WebCryp".

18:56:56 [hhalpin]

Zakim, this will be SEC_WebCryp

18:56:56 [Zakim]

ok, hhalpin; I see SEC_WebCryp()3:00PM scheduled to start in 4 minutes

18:57:32 [Zakim]

SEC_WebCryp()3:00PM has now started

18:57:41 [Zakim]

+ +33.6.13.23.aaaa

18:58:00 [hhalpin]

agenda+ Welcome

18:58:06 [hhalpin]

agenda+ Survey about API

18:58:16 [hhalpin]

agenda+ Use-cases

18:58:20 [hhalpin]

agenda+ Technical Discussion

18:58:21 [Zakim]

+ +1.707.799.aabb

18:58:29 [hhalpin]

agenda+ Group Logistics

18:58:38 [hhalpin]

Zakim, pick a scribe

18:58:38 [Zakim]

Not knowing who is chairing or who scribed recently, I propose virginie_galindo

18:58:41 [hhalpin]

Zakim, pick a scribe

18:58:41 [Zakim]

Not knowing who is chairing or who scribed recently, I propose virginie_galindo

18:58:43 [hhalpin]

Zakim, pick a scribe

18:58:43 [Zakim]

Not knowing who is chairing or who scribed recently, I propose virginie_galindo

18:58:58 [Zakim]

+Wendy

18:58:58 [Zakim]

+ +1.773.939.aacc

18:59:37 [JimD]

JimD has joined #crypto

18:59:37 [Zakim]

+John_Aberdeen

18:59:51 [Zakim]

+[Microsoft]

19:00:05 [vgb]

Zakim, [Microsoft] is me

19:00:05 [Zakim]

+vgb; got it

19:00:09 [hhalpin]

Zakim, what's the code?

19:00:09 [Zakim]

the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin

19:00:19 [Zakim]

+ +1.650.214.aadd

19:00:44 [wseltzer]

zakim, aadd is Google

19:00:44 [Zakim]

+Google; got it

19:01:58 [Zakim]

+[Microsoft]

19:02:02 [ddahl]

thanks wseltzer

19:02:14 [Zakim]

+ +1.408.540.aaee

19:02:15 [Zakim]

+ +1.512.257.aaff

19:02:24 [MitchZ]

MitchZ has joined #crypto

19:02:37 [emily]

zakim, aabb is emily

19:02:38 [Zakim]

+emily; got it

19:02:56 [Zakim]

+??P13

19:02:58 [Karen]

Karen has joined #crypto

19:03:02 [hhalpin]

Zakim, ??P13 is hhalpin

19:03:08 [Zakim]

+hhalpin; got it

19:03:14 [MitchZ]

Netflix on area code 408

19:03:23 [Zakim]

+??P14

19:03:24 [hhalpin]

Zakim, who is on the phone?

19:03:24 [Zakim]

On the phone I see virginie_galindo, emily, ddahl, Wendy, Jim_Davenport, vgb, Google, [Microsoft], +1.408.540.aaee, +1.512.257.aaff, hhalpin, ??P14

19:03:24 [Zakim]

Google has rsleevi, wtc

19:03:24 [Zakim]

[Microsoft] has Mike_Jones

19:03:30 [hhalpin]

Zakim, pick a scribe

19:03:30 [Zakim]

Not knowing who is chairing or who scribed recently, I propose +1.512.257.aaff

19:04:41 [Channy]

zakim, Channy is channy_yun

19:04:41 [Zakim]

sorry, Channy, I do not recognize a party named 'Channy'

19:04:47 [wseltzer]

Some good scribe instructions, for further reference: https://www.w3.org/2008/xmlsec/Group/Scribe-Instructions.html

19:04:50 [MitchZ]

zakim aaee is Netflix

19:04:52 [hhalpin]

scribe: Karen

19:05:12 [Karen]

Harry: help scribe

19:05:34 [rsleevi]

rsleevi has joined #crypto

19:05:48 [virginie_galindo]

Zakim, who is on the phone?

19:05:48 [Zakim]

On the phone I see virginie_galindo, emily, ddahl, Wendy, Jim_Davenport, vgb, Google, [Microsoft], Netflix, Karen, hhalpin, ??P14

19:05:51 [Zakim]

Google has rsleevi, wtc

19:05:51 [Zakim]

[Microsoft] has Mike_Jones

19:05:51 [Zakim]

Netflix has MitchZ

19:06:45 [JimD]

zakim, who is talking

19:06:45 [Zakim]

I don't understand 'who is talking', JimD

19:06:55 [JimD]

there is some command to see who is talking

19:07:03 [hhalpin]

Zakim, who is making noise?

19:07:23 [Zakim]

hhalpin, listening for 11 seconds I could not identify any sounds

19:07:35 [sdurbha]

sdurbha has joined #crypto

19:07:41 [markw]

markw has joined #crypto

19:08:17 [Zakim]

+??P18

19:08:29 [ddahl]

Channy: are you on the phone?

19:08:30 [wseltzer]

Channy, are you on the phone or just IRC?

19:08:31 [hhalpin]

Zakim, scribenick Karen

19:08:31 [Zakim]

I don't understand 'scribenick Karen', hhalpin

19:08:49 [hhalpin]

scribenick: Karen

19:09:05 [sdurbha]

p18 sdurbha

19:09:10 [Zakim]

+ +1.978.936.aagg

19:09:14 [wseltzer]

zakim, p18 is sdurbha

19:09:14 [Zakim]

sorry, wseltzer, I do not recognize a party named 'p18'

19:09:19 [wseltzer]

zakim, ??p18 is sdurbha

19:09:19 [Zakim]

+sdurbha; got it

19:09:22 [hhalpin]

Zakim, ??P18 is sdurbha

19:09:22 [Zakim]

I already had ??P18 as sdurbha, hhalpin

19:09:30 [Channy]

ddahl, just IRC

19:09:32 [wseltzer]

zakim, aagg is pgladstone

19:09:32 [Zakim]

+pgladstone; got it

19:09:38 [ddahl]

Channy: thx

19:09:39 [PhilipG]

PhilipG has joined #crypto

19:10:04 [hhalpin]

agenda?

19:10:05 [Karen]

Virginie: agenda

19:10:20 [wseltzer]

-> http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0043.html

19:10:57 [Karen]

Other topics?

19:11:20 [hhalpin]

Zakim, who's on the phone?

19:11:20 [Zakim]

On the phone I see virginie_galindo, emily, ddahl, Wendy, Jim_Davenport, vgb, Google, [Microsoft], Netflix, Karen, hhalpin, ??P14, sdurbha, pgladstone

19:11:23 [Zakim]

Google has rsleevi, wtc

19:11:23 [Zakim]

[Microsoft] has Mike_Jones

19:11:23 [Zakim]

Netflix has MitchZ

19:14:15 [tl1]

tl1 has joined #crypto

19:15:35 [wseltzer]

Present +David_Hooley

19:16:03 [virginie_galindo]

http://www.w3.org/2012/06/04-crypto-minutes.html

19:16:16 [Karen]

Virginie: previous minutes http://www.w3.org/2012/06/04-crypto-minutes.html

19:16:18 [hooley]

hooley has joined #crypto

19:16:42 [hhalpin]

PROPOSAL: accept http://www.w3.org/2012/06/04-crypto-minutes.html as minutes for the previous meeting, any objections?

19:16:44 [Karen]

Harry: as long as no one object, it is approved

19:16:55 [hhalpin]

RESOLVED: accepted http://www.w3.org/2012/06/04-crypto-minutes.html as minutes for the previous meeting.

19:17:16 [Karen]

Virginie: take way does not replace minutes

19:17:28 [wseltzer]

zakim, take up agendum 2

19:17:28 [Zakim]

agendum 2. "Survey about API" taken up [from hhalpin]

19:17:42 [virginie_galindo]

http://www.w3.org/2012/webcrypto/wiki/SurveyAnalysis

19:17:42 [ddahl]

http://www.w3.org/2012/webcrypto/wiki/SurveyAnalysis

19:17:53 [hhalpin]

topic: Survey about API

19:18:02 [Karen]

David presents summary

19:18:37 [Karen]

David: most want low level api

19:18:53 [Karen]

david: we will figure out what does that mean

19:19:10 [Karen]

david: one of question does not worded well - who will use api

19:19:40 [Karen]

david: main answer: web app users

19:20:10 [Karen]

david: main activities will be messaging, chatting, signature behind it

19:20:40 [Karen]

david: a good set of data. we can get more answers as we go alone. please read through raw data

19:20:51 [Karen]

virginie: thank you David for the efforts

19:20:59 [wseltzer]

s/alone/along/

19:20:59 [Karen]

virginie: any comments?

19:21:04 [sdurbha]

q+

19:21:07 [hhalpin]

q+

19:21:15 [vgb]

q+

19:21:53 [Karen]

sdurbha: emails seem to want high level api

19:22:24 [Karen]

david: there are still discussions on what that means high or low level api

19:22:49 [Karen]

david: I think low level is better so we can implement more func and follow standard

19:22:59 [Karen]

david: high level api can be built on top

19:23:45 [Karen]

harry: messaging and chatting on top is surprising.

19:23:47 [wtc]

q+

19:24:17 [rsleevi]

q+

19:24:24 [Karen]

vgb: what is not clear - how people think this api with relation to tls

19:24:38 [Karen]

vgb: an addition?

19:24:50 [Karen]

vgb: to implement tls in browser?

19:25:15 [Karen]

virginie: one feature - for web app to manage their security

19:25:30 [hhalpin]

I'm pretty sure we are NOT going to replace TLS :)

19:25:31 [Karen]

virginie: feature 2: tracking tls session

19:25:53 [ddahl]

vgb: I don't think people want to be able to implement all of TLS, however, I think they do want to be able to secure and sign data before this data is pushed to the wire

19:26:05 [ddahl]

wtc: rsleevi: got it! thanks!

19:26:07 [Karen]

p1: ryan and I will contact david later in design api

19:26:15 [wseltzer]

s/p1/wtc/

19:26:23 [Karen]

david: use cases are not to replace tls

19:26:23 [hhalpin]

I imagine we are going to add some functions that let people sign and encrypt some parts of the DOM dynamically using a few cross-browser methods.

19:27:00 [Karen]

david: using secure messaging as an example - three persons involved

19:27:22 [ddahl]

Karen: that is rsleevi :)

19:27:23 [Karen]

david: bob and alice may be two users using carol's service

19:27:49 [Karen]

sorry

19:28:03 [Karen]

rsleevi: tls is only suited for two people talking

19:28:10 [Zakim]

rsleevi, you wanted to respond

19:28:45 [Karen]

virginie: to leverage what david said, we should focus on low level api first

19:29:00 [Karen]

virginie: allow developers to control the operations

19:29:00 [Zakim]

-[Microsoft]

19:29:17 [Karen]

virginie: we can work on high level later

19:29:19 [sdurbha]

+1

19:29:20 [rsleevi]

+1

19:29:21 [hhalpin]

+1

19:29:23 [JimD]

+1

19:29:24 [Karen]

+1

19:29:26 [ddahl]

+1

19:29:28 [hhalpin]

PROPOSAL: Start with low-level

19:29:28 [vgb]

+1

19:29:29 [emily]

+1

19:29:33 [wtc]

+1

19:29:35 [wseltzer]

+1

19:29:49 [hhalpin]

RESOLUTION: Start with low-level API, then focus on high-level API

19:30:11 [Karen]

Virginie: a3 use cases

19:30:16 [wseltzer]

zakim, take up agendum 3

19:30:16 [Zakim]

agendum 3. "Use-cases" taken up [from hhalpin]

19:30:17 [hhalpin]

Zakim, next agendum

19:30:17 [Zakim]

agendum 3 was just opened, hhalpin

19:30:22 [hhalpin]

topic: Use-cases

19:30:38 [wseltzer]

-> http://www.w3.org/2012/webcrypto/wiki/Use_Cases

19:31:09 [Karen]

virginie: channy has updated the use cases http://www.w3.org/2012/webcrypto/wiki/Use_Cases

19:31:26 [Karen]

virginie: channy has updated use cases

19:31:32 [Channy]

Use-cases on wiki were gathered from mailinglist and commnutiy group. It was classified by charter goals. Please feel free to edit by anyone.

19:32:13 [hhalpin]

Any volunteers?

19:32:18 [ddahl]

virginie_galindo: I can help you

19:32:33 [Karen]

virginie: make sure we don't put complicated use cases in the primary features

19:32:55 [wseltzer]

ACTION: Add use-cases from the survey to the wiki

19:33:07 [Channy]

I think it may be rearranged by low-level and high-level.

19:33:07 [Karen]

virginie: use case: validated document

19:33:59 [Karen]

http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0022.html

19:34:43 [Zakim]

-hhalpin

19:34:45 [Karen]

document sent by ?

19:34:51 [JimD]

q+

19:35:14 [Karen]

p1: tls proxy is a fact

19:35:30 [wseltzer]

PhilipG: Defense in depth, accepting that TLS proxies are a fact of life, and provide security in the face of those.

19:35:39 [wseltzer]

s/p1/PhilipG/

19:36:20 [Karen]

philip: it is possible for a client to authenticate even if there is tls proxy

19:36:47 [Karen]

ryan: I am concerned that entire web security model is built on tls

19:37:24 [harry]

harry has joined #crypto

19:37:25 [Karen]

ryan: don't know any browser can guarantee the security even with the defense in depth

19:37:50 [harry]

Zakim, what's the code?

19:37:50 [Zakim]

the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), harry

19:38:02 [Karen]

virginie: philip you can write down the use case

19:38:19 [Zakim]

+??P10

19:38:22 [Karen]

philip: I am not sure it is relevant

19:38:24 [harry]

Zakim, ??P10 is harry

19:38:24 [Zakim]

+harry; got it

19:38:41 [Karen]

philip: I will write it down anyway

19:39:00 [Karen]

virginie: any suggestions on use cases?

19:39:05 [harry]

q?

19:39:16 [Karen]

Jim: a lot of discussions on smart card

19:39:35 [Karen]

jim: we might want to create an abstraction on hardware devices

19:39:40 [harry]

q+

19:39:50 [harry]

q-

19:40:00 [Karen]

jim: we want to make sure the api we create can support hardware devices

19:40:03 [harry]

Zakim, agenda?

19:40:03 [Zakim]

I see 5 items remaining on the agenda:

19:40:05 [Zakim]

1. Welcome [from hhalpin]

19:40:05 [Zakim]

2. Survey about API [from hhalpin]

19:40:05 [Zakim]

3. Use-cases [from hhalpin]

19:40:05 [Zakim]

4. Technical Discussion [from hhalpin]

19:40:05 [Zakim]

5. Group Logistics [from hhalpin]

19:40:17 [harry]

Zakim, next agendum

19:40:17 [Zakim]

agendum 1. "Welcome" taken up [from hhalpin]

19:40:22 [Karen]

virginie:topics: draft api

19:40:32 [harry]

topic: draft API

19:40:34 [wseltzer]

zakim, take up agendum 4

19:40:34 [Zakim]

agendum 4. "Technical Discussion" taken up [from hhalpin]

19:41:09 [Karen]

virginie: 14min to discuss technical topics

19:41:37 [Karen]

David: latest update is section 7

19:41:53 [virginie_galindo]

http://www.w3.org/2012/webcrypto/WebCryptoAPI/

19:41:54 [Karen]

david: added link to JWA (json algorithms)

19:42:12 [Karen]

david: we will benefit to use same identifiers as jwa

19:42:24 [harry]

+1 re-using identifers from JOSE WG

19:42:24 [Karen]

david: updated examples in the strawman

19:42:32 [virginie_galindo]

s/14min/40min/

19:42:43 [ddahl]

http://www.w3.org/2012/webcrypto/WebCryptoAPI/#algorithms

19:42:50 [rsleevi]

+1 to the re-use

19:43:00 [Karen]

virginie: thank you for the work

19:43:36 [Karen]

david: try to begin proposal on key identifier

19:44:01 [Karen]

david: we might want to add some meta data on key identifier

19:44:38 [Karen]

virginie: proposal GUID from mitch

19:44:46 [Karen]

virginie: will we reuse?

19:44:56 [virginie_galindo]

http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0015.html

19:44:58 [rsleevi]

q+

19:45:04 [Karen]

david: that's an ideal way to identity key

19:45:23 [wtc]

q+

19:46:07 [Karen]

ryan: concern: will two users of two different sites have same or different GUID? if the same, it is possible to track user

19:46:30 [Karen]

ryan: I like the string id, which may not have this concern

19:47:10 [Karen]

ryan: example: netflex.p1

19:47:12 [ddahl]

rsleevi: I think the JOSE WG has examples like that - origin + sequence number

19:47:39 [Karen]

p1: agree with ryan

19:47:50 [wseltzer]

s/p1/wtc/

19:48:00 [Karen]

p1: the goal is to unique identify the key so that it can be revoked

19:48:06 [MitchZ]

q+

19:48:42 [Karen]

wtc: hash of a secret key may accomplish the goal of identify the key without reveal the key

19:48:49 [harry]

q+

19:49:24 [Karen]

mitch: privacy concern is the one we share.

19:49:46 [Karen]

mitch: the uuid or hash may reveal too much

19:50:54 [MitchZ]

q-

19:51:12 [Karen]

mitch: we don't need to build all use cases but need to discuss the privacy concern

19:51:12 [harry]

ack harry

19:51:35 [ddahl]

i may be wrong, but the JOSE WG seems to not require any kind of specific id except that it is a string

19:52:56 [Karen]

harry: charter is very clear that we don't want to mandate a particular key identifier scheme

19:53:18 [rsleevi]

The question seems less to do with key identification, and more about key discovery

19:53:25 [Karen]

virginie: we need to name the key in order to handle it

19:53:28 [rsleevi]

Key identification serves as a means of key discovery, but is not the only one

19:53:31 [harry]

i.e also the discovery of the properties of the key

19:53:47 [harry]

which is different than sticking all the properties in its idenfication scheme

19:54:12 [Karen]

virginie: a need for the editors to come out a proposal

19:54:44 [Karen]

virginie: on key identifier.

19:55:00 [Karen]

david: Ryan and others have given feedback

19:55:21 [Karen]

david: enumeration of propertities

19:55:42 [ddahl]

virginie_galindo: +1

19:55:44 [rsleevi]

+1

19:55:46 [Karen]

virginie: it is important and part of the design api

19:56:06 [Karen]

david: will share tomorrow or next day

19:56:42 [Karen]

virginie: next topic: discovery mechanism

19:57:23 [Karen]

virginie: netflex proposal? how to discovery key?

19:57:25 [rsleevi]

q+

19:57:33 [virginie_galindo]

http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0030.html

19:57:34 [Karen]

david: no conclusion yet

19:57:45 [Karen]

ryan: do conclusion yet

19:58:14 [Karen]

ryan: need to consider mitch example where a particular key can only be used for a particular purpose case, mode etc

19:58:49 [Karen]

ryan: also need to consider more general use case that the key can be used in more cases

19:58:53 [MitchZ]

Just to throw one more oddball use case out there: we have seen one case of a single keytext block inside of hardware used as any of: DES, 3DES, 2DES (!), and AES-128 algorithms

19:58:57 [MitchZ]

I believe this is unusual, though

19:59:19 [Karen]

ryan: need to design api that can balance these cases

19:59:22 [MitchZ]

and could be handled by simply mapping the single keytext block to several different keys

19:59:30 [ddahl]

also, I have been re-reading all of the latest JOSE JWK specs to help inform this discussion

19:59:40 [MitchZ]

but, cipher mode, padding, etc. may really be limited on a key-by-key basis

19:59:52 [Karen]

virginie: we need to build and write down the api

20:00:08 [Karen]

virginie: expect other participants to help

20:00:23 [Karen]

virginie: next topic: smart card discussion - lot of exchanges

20:00:44 [Karen]

virginie: our charter - we should not put anything specific to smart card

20:00:57 [Karen]

virginie: many use cases that need smart card

20:01:08 [Karen]

virginie: we need to find some ways to handle this

20:01:17 [harry]

we don't want to bake in device-specific API features, but maybe we can do those use-cases with right level of abstraction.

20:01:26 [rsleevi]

q+

20:01:29 [JimD]

use cases should not EXCLUDE smart cards explicitly; however, I agree that we may need to create an abstraction for the use of smart cards or other hardware-based devices

20:01:30 [Karen]

virginie: may be we can have a round table to discuss this

20:01:30 [wtc]

q+

20:01:35 [sdurbha]

q+

20:02:07 [Karen]

ryan: I have no objection to smart card, but have concern on security model

20:02:10 [vgb]

q+

20:02:29 [Karen]

ryan: don't believe any website can benefit from know smart card

20:02:49 [Karen]

ryan: a client having keys stored in smart card is fine

20:02:57 [PhilipG]

q+

20:03:23 [Karen]

ryan: we should not have anything specific to smart card

20:03:32 [harry]

+1 keys stored in smart card

20:03:40 [harry]

i.e. think of it as another container

20:04:06 [Karen]

Chan: I believe all use cases can be met by windows.cypto

20:04:20 [rsleevi]

Karen: s/Chan/wtc/

20:04:48 [JimD]

a browser-specific solution doesn't seem to be a good answer

20:06:09 [Karen]

sdurbha: there are javascript api's that support crypto, but it is not possible to securely transfer keys.

20:06:10 [rsleevi]

sdurbha: As an alternative for/enhancement of <keygen>, correct?

20:06:32 [Karen]

sdurbha: smart card support for keys is very appealing

20:06:45 [sdurbha]

rsleevi, correct

20:06:57 [Karen]

virginie: provisioning of the key is out of the scope

20:07:25 [Karen]

vgb: use case of key management

20:07:26 [Channy]

@JimD, a browser can use standard as like Firefox's impl. http://en.wikipedia.org/wiki/Federal_Information_Processing_Standard

20:08:30 [Karen]

vgb: where does key come from: local storage - not relevant to SC; key exchange; you have a key that is sent by a out of band way

20:08:55 [Karen]

vgb: the service knows it is in a smart card because it gives to the card.

20:09:06 [JimD]

well said, vgb

20:09:20 [PhilipG]

+1

20:09:20 [JimD]

+1

20:09:23 [ddahl]

+1

20:09:27 [sdurbha]

+1

20:09:28 [harry]

+1

20:09:28 [rsleevi]

vgb: +1. I think the matter of smart cards is a matter of key discovery, largely

20:09:31 [Karen]

vgb: we don't need smart card support, but need to know it comes from. e.g. smart card

20:09:34 [virginie_galindo]

+1

20:09:34 [rsleevi]

vgb: -1 to key provisioning within smart cards :)

20:10:07 [MitchZ]

+1, but would aim for a target where the "smart card keys" are used in a way consistent with the "runtime created keys" or "preprovisioned keys"

20:10:11 [wtc]

q+

20:10:27 [MitchZ]

in other words, not necessarily "outside the sandbox" to get to the last part of your comment.

20:10:38 [Karen]

vgb: at the browser level - discover the key

20:11:22 [vgb]

MitchZ, I agree that the API should be consistent between the various types of keys

20:11:27 [Karen]

philip: provided that smart card portability of the key is a part of the use case

20:11:52 [virginie_galindo]

q+

20:11:52 [vgb]

my point was that we should allow the possibility of accessing keys that were not created/initally received within the browser

20:12:17 [Karen]

philip: the easy of use is an important factor

20:12:31 [harry]

hmmm...should we write a proposal/resolution here?

20:12:47 [rsleevi]

harry: wtc and I can take up an ACTION item to propose something

20:12:57 [vgb]

rsleevi - we're in violent agreement :)

20:13:04 [sdurbha]

:)

20:13:07 [Karen]

sorry, I didn't catch that

20:13:13 [vgb]

I have a half-composed email draft on this, will send out ot email list today

20:13:23 [JimD]

Thanks, vgb

20:14:19 [harry]

VGB or Rsleevi, can you write *something* in IRC that captures in 1-3 sentences the precise proposal re the idea of accessing keys?

20:14:56 [Karen]

Virginie: vgb and ryan will propose something

20:14:58 [rsleevi]

harry: The browser should be agnostic as to the 'source' of the key - whether within the browser or outside

20:14:59 [harry]

ACTION: VGB and RSleevi to write a proposal and send to mailing list for approval next meeting

20:15:23 [vgb]

Basic proposal on key access: there are 3 families of use cases

20:15:40 [Karen]

virginie: next topic: group life

20:15:47 [vgb]

1. Ephemeral / local-only use, as for local encrypted storage

20:15:51 [wseltzer]

zakim, take up agendum 5

20:15:51 [Zakim]

agendum 5. "Group Logistics" taken up [from hhalpin]

20:15:59 [vgb]

2. Keys created through key exchange

20:16:07 [Karen]

virginie: f2f meeting - 24-25th of july

20:16:15 [vgb]

3. Keys that are distributed to parties and provisioned offline

20:16:19 [harry]

maybe do a quick go through in IRC to see who can come to those dates?

20:16:27 [Karen]

virginie: who will be ready to attend the meeting?

20:16:28 [wseltzer]

PROPOSAL: F2F July 24-25.

20:16:30 [ddahl]

+1

20:16:33 [Karen]

+1

20:16:35 [virginie_galindo]

+1

20:16:37 [rsleevi]

-1

20:16:40 [wtc]

+1

20:16:41 [JimD]

-1 on other travel that week

20:16:45 [harry]

+1 (assuming no conflict with IETF)

20:16:51 [emily]

-1 (unlikely to be able to attend any f2f)

20:17:01 [vgb]

The proposal is that while the API model should treat all these keys consistently as much as possible, it should also provide a discovery model for the 3rd class, since that is a special need for that class

20:17:10 [Karen]

+1 for Asad I guess

20:17:16 [wseltzer]

+1

20:17:17 [MitchZ]

+1

20:17:35 [MitchZ]

+1 for Mark Watson

20:17:37 [vgb]

+1

20:17:48 [Channy]

-1 (no sponsorship for travel :)

20:18:05 [ddahl]

rsleevi: will you be available for phone calls those days?

20:18:33 [rsleevi]

ddahl: I wouldn't trust my phone where I'm going to be (Black Hat Briefings) ;-)

20:18:41 [Karen]

virginie: location?

20:18:45 [ddahl]

rsleevi: ah, thanks

20:19:16 [Karen]

virginie: any problem moving to silicon valley?

20:20:18 [Karen]

David: we can accomodate at mountain view office

20:20:35 [harry]

RESOLVED: Meeting 24-25th in Vancouver ala poll

20:20:41 [Karen]

virginie: thank you all.

20:20:57 [harry]

Meeting Adjourned

20:21:06 [wseltzer]

Meeting: WebCrypto Working Group

20:21:07 [harry]

RRSAgent, generate minutes

20:21:07 [RRSAgent]

I have made the request to generate http://www.w3.org/2012/06/11-crypto-minutes.html harry

20:21:14 [Zakim]

-vgb

20:21:14 [Karen]

you are welcome. Sorry for missing some points

20:21:15 [Zakim]

-pgladstone

20:21:17 [Zakim]

-emily

20:21:18 [Zakim]

-sdurbha

20:21:18 [Zakim]

-??P14

20:21:19 [Zakim]

-Netflix

20:21:19 [Zakim]

-ddahl

20:21:20 [Zakim]

-Google

20:21:21 [wseltzer]

zakim, list participants

20:21:21 [Zakim]

As of this point the attendees have been +33.6.13.23.aaaa, +1.707.799.aabb, virginie_galindo, Wendy, +1.773.939.aacc, Jim_Davenport, vgb, +1.650.214.aadd, rsleevi, wtc, ddahl,

20:21:24 [Zakim]

... +1.408.540.aaee, +1.512.257.aaff, Mike_Jones, emily, hhalpin, Karen, MitchZ, +1.978.936.aagg, sdurbha, pgladstone, markw, harry

20:21:27 [Zakim]

-Jim_Davenport

20:21:28 [Zakim]

-Wendy

20:21:33 [Zakim]

-virginie_galindo

20:21:37 [hooley]

hooley has left #crypto

20:21:53 [harry]

Karen, if you can send this link the mailing list for review: https://www.w3.org/2012/06/11-crypto-minutes.html

20:21:58 [Zakim]

-harry

20:22:04 [Zakim]

-Karen

20:22:05 [Zakim]

SEC_WebCryp()3:00PM has ended

20:22:05 [Zakim]

Attendees were +33.6.13.23.aaaa, +1.707.799.aabb, virginie_galindo, Wendy, +1.773.939.aacc, Jim_Davenport, vgb, +1.650.214.aadd, rsleevi, wtc, ddahl, +1.408.540.aaee,

20:22:05 [Zakim]

... +1.512.257.aaff, Mike_Jones, emily, hhalpin, Karen, MitchZ, +1.978.936.aagg, sdurbha, pgladstone, markw, harry

20:22:52 [wseltzer]

present+ virginie_galindo, Wendy, Jim_Davenport, vgb, rsleevi, wtc, ddahl, Mike_Jones, emily,

20:23:12 [wseltzer]

present+ hhalpin, Karen, MitchZ, sdurbha, pgladstone, markw,

20:23:20 [wseltzer]

rrsagent, make minutes

20:23:20 [RRSAgent]

I have made the request to generate http://www.w3.org/2012/06/11-crypto-minutes.html wseltzer

20:23:39 [PhilipG]

PhilipG has left #crypto

20:24:07 [wseltzer]

RRSAgent, make log public

20:24:11 [wseltzer]

rrsagent, bye

20:24:11 [RRSAgent]

I see 2 open action items saved in http://www.w3.org/2012/06/11-crypto-actions.rdf :

20:24:11 [RRSAgent]

ACTION: Add use-cases from the survey to the wiki [1]

20:24:11 [RRSAgent]

recorded in http://www.w3.org/2012/06/11-crypto-irc#T19-32-55

20:24:11 [RRSAgent]

ACTION: VGB and RSleevi to write a proposal and send to mailing list for approval next meeting [2]

20:24:11 [RRSAgent]

recorded in http://www.w3.org/2012/06/11-crypto-irc#T20-14-59